What is Zero Trust Endpoint Security?
Zero Trust Security is a security architecture that requires all users within an organization’s network to be authorized, authenticated and continuously validated. Zero Trust security assumes that every machine is compromised, every network is breached and every user is at risk. Zero Trust security works on the foundation that trust is never implicitly granted but must be continually validated.
Zero Trust Security is based on the principle of “never trust, always verify.” All applications and updates to applications must be explicitly authorized before they are allowed to run on any computer. The automatic blocking of all new software dramatically increases the security of your computers and greatly reduces the risk of ransomware running on your systems.
The main benefit of Zero Trust security is that it reduces the attack surface and helps prevent data breaches and cyber-attacks by limiting the damage that can be caused by any compromised device. It also provides more granular visibility and control over network traffic, making it easier to identify and mitigate security risks.
In August 2020, the National Institute of Standards and Technology released NIST SP 800-207. This publication explains how the landscape of cyber-security is ever-evolving and why implementing a Zero Trust Security environment for your business is more essential than ever. Following the release of this publication, the President of the United States issued an executive order mandating that all U.S. federal agencies adopt and adhere to NIST 800-207.
The standard has undergone extensive evaluation and has received input from various stakeholders such as commercial customers, vendors and government agencies. This is why numerous private organizations consider Zero Trust Endpoint security the de facto standard for private enterprises. Read the full published document here.
How is Zero Trust Endpoint Security Different from Traditional Endpoint Security?
Traditional endpoint security products scan a computer when apps run and attempt to identify threats by signature (file names, size, etc.) or by identifying unusual behavior. The problem with this is that sometimes the security software doesn’t recognize a new threat or reacts after it is too late to stop it.
Zero Trust endpoint security solutions take a different approach to securing your system than traditional endpoint security’s “trust but verify” method. Zero Trust is a framework for securing infrastructure and data for today’s digital transformation. It uniquely addresses the modern challenges of today’s business world, including securing remote workers, hybrid cloud environments and ransomware threats.
How does Zero Trust Security Work?
As previously stated, Zero Trust security works by assuming every aspect of your network is compromised. The Zero Trust security model assumes breach and verifies each request as if it originated from an open network. Many different vendors have created their own versions of Zero Trust security; however, at Willits Technologies we recommend ThreatLocker.
ThreatLocker runs on a “block by default” function, which means it will block all apps from running until they are explicitly allowed (whitelisted). Any unrecognized app that tries to run and is not on the “whitelist” will be blocked. This makes Zero Trust security extremely secure and makes it almost impossible for a bad app to run.
With ThreatLocker acting as a “block first – ask questions later” solution, you will need to contact us before you can install or use new or updated software. However, upon installation of ThreatLocker, your computer will be in “Learning Mode” for a few weeks while it meticulously creates the whitelist of approved apps and software you run on your computer.
Keep in mind, even if something only runs once, on just one computer during Learning Mode, it will be allowed on any computer that tries to run it in the future.
This greatly reduces the impact on the users when the system is switched into “Protect Mode”.
What’s the Catch?
So, what’s the catch? Why doesn’t everyone use Zero Trust solutions? The “catch” is that a Zero Trust solution does not know the difference between good apps and bad apps; it blocks everything that has not been explicitly allowed.
Modern apps are very sophisticated, and what most people think of as an “app” is really a collection of “smaller apps” that call on each other to start and stop as different functions are performed. Each one of these “smaller apps” needs to be authorized to run on every computer in your organization. Add to this the constant stream of updates to apps being installed, and Zero Trust solutions can become noisy, though they remain extremely worthwhile.
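To make the Learning Mode / Protect Mode behaviour and the “catch” concrete, here is a small simulation of an organization-wide default-deny application allowlist. It is an added illustration written for this page, not ThreatLocker’s code or Willits Technologies’ configuration, and it assumes (as a simplification; the page does not describe ThreatLocker’s matching rules) that a program is identified by the SHA-256 hash of its bytes. The host names, file paths and program contents are constructed sample data. It shows that something learned once on one workstation is allowed everywhere once Protect Mode is switched on, that a renamed copy of an approved program is still allowed, and that an update or a never-seen binary is blocked until an administrator approves it, which is the source of the “noise” described above.

```python
import hashlib

LEARNING = "learning"   # observe and record every execution
PROTECT = "protect"     # default-deny: block anything not on the list


def content_hash(content: bytes) -> str:
    """Identify a program by the SHA-256 of its bytes, not its file name (assumption)."""
    return hashlib.sha256(content).hexdigest()


class ApplicationAllowlist:
    """Organization-wide default-deny allowlist with a learning phase (illustrative)."""

    def __init__(self) -> None:
        self.mode = LEARNING
        self.approved: dict[str, str] = {}   # hash -> where it was first seen / who approved it
        self.events: list[dict] = []         # audit trail of every decision

    def switch_to_protect(self) -> None:
        self.mode = PROTECT

    def approve(self, content: bytes, label: str) -> None:
        """Explicit approval by an administrator after a block (e.g. a new update)."""
        self.approved[content_hash(content)] = label

    def request_execution(self, host: str, path: str, content: bytes) -> bool:
        """Return True if the program may run on this host, recording the decision."""
        h = content_hash(content)
        if self.mode == LEARNING:
            # Learning Mode: anything that runs on any host joins the shared list.
            self.approved.setdefault(h, f"learned on {host}: {path}")
            decision = "learned"
        elif h in self.approved:
            decision = "allowed"
        else:
            decision = "blocked"
        self.events.append({"host": host, "path": path, "hash": h[:12], "decision": decision})
        return decision != "blocked"

    def blocked_events(self) -> list[dict]:
        """The block events an administrator would have to review."""
        return [e for e in self.events if e["decision"] == "blocked"]


def run_demo() -> dict:
    # Constructed sample programs: these byte strings stand in for real executables.
    editor_v1 = b"editor build 1.0"
    editor_v2 = b"editor build 1.1"   # an update: different bytes, so a different hash
    helper = b"editor helper component"
    unknown = b"never-seen-before binary"

    org = ApplicationAllowlist()
    # Learning Mode: only workstation-a runs the editor, only workstation-b runs the helper.
    org.request_execution("workstation-a", r"C:\Apps\editor.exe", editor_v1)
    org.request_execution("workstation-b", r"C:\Apps\helper.exe", helper)
    org.switch_to_protect()

    results = {
        # Learned once on workstation-a, so allowed on workstation-c as well.
        "editor_v1_on_new_host": org.request_execution("workstation-c", r"C:\Apps\editor.exe", editor_v1),
        # Same bytes under a different name: same hash, still allowed.
        "editor_v1_renamed": org.request_execution("workstation-c", r"C:\Temp\e.exe", editor_v1),
        # The update has new bytes, so it is blocked until an administrator approves it.
        "editor_v2_before_approval": org.request_execution("workstation-c", r"C:\Apps\editor.exe", editor_v2),
        # Something never seen during Learning Mode is blocked everywhere.
        "unknown_binary": org.request_execution("workstation-a", r"C:\Users\Public\x.exe", unknown),
    }
    org.approve(editor_v2, "editor 1.1 approved by admin")
    results["editor_v2_after_approval"] = org.request_execution("workstation-c", r"C:\Apps\editor.exe", editor_v2)
    results["blocked_count"] = len(org.blocked_events())
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running the demo shows the two block events (the update and the unknown binary) that someone would have to review and approve; every component of a multi-part application and every update produces the same kind of event, which is why a default-deny solution generates noise while still refusing to run anything it has not been told about.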